Javier Fernandez-Sanguino Pena discovered that noweb scripts createdtemporary files in an insecure way. This could allow a symlink attackto create or overwrite arbitrary files with the privileges of the userrunning noweb.